Managing permissions (chmod)

In Linux, access to files and directories is regulated by a permission system. Each file/directory belongs to an owner user and a group of users.

Permissions are divided into three categories of recipients:

1. User (u): The owner of the file.
2. Group (g): Members of the group associated with the file.
3. Others (o): Everyone else on the system.

For each category, there are three types of actions allowed or denied:

• Read (r): View file contents or list directory contents.
• Write (w): Edit the file or create/delete files in a directory.
• Execute (x): Run a file (e.g. a script) or enter a directory.

Typical notation shown by ls -l: -rwxr-xr-x. The first character indicates the type (e.g. - for file, d for directory), followed by three triplets for user, group, and others.

Changing Permissions: chmod

The chmod (change mode) command allows you to modify file permissions. There are two main ways to specify them:

1. Symbolic Mode

Uses letters and operators (+, -, =) to add, remove, or set permissions:

chmod u+x script.sh    # Adds execute permission (x) to the owner (u)
chmod g-w file.txt     # Removes write permission (w) from the group (g)
chmod a+r file.txt     # Makes the file readable by everyone (all: u, g, o)

2. Octal Mode (Numeric)

Uses three octal digits from 0 to 7, where each digit represents the sum of the category's permissions (r=4, w=2, x=1):

• 7 = rwx (4 + 2 + 1)
• 6 = rw- (4 + 2)
• 5 = r-x (4 + 1)
• 4 = r-- (4)
• 0 = --- (no permissions)

chmod 755 script.sh    # Owner: rwx (7), Group: r-x (5), Others: r-x (5)
chmod 600 private.key  # Owner: rw- (6), Group: --- (0), Others: --- (0)

Try it yourself

Exercise 1: Set standard permissions

Exercise 2: Protect a private key

Exercise 3: Make a file executable for all